Risk aware Access Control model for Trust Based collaborative organizations in cloud

  • Abstract
  • Keywords
  • References
  • PDF
  • Abstract

    Secure interactions between collaborative organizations having their applications and data stored in “Cloud Computing” are a critical issue. Access control is the biggest challenge and trust is regarded as an essential secured relationship within a distributed system. Basic access control models, like Discretionary Access Control, Mandatory Access Control, and Role Based Access Control, cannot satisfy requirements in such environment, and need some improvements. During the collaboration, the attitude of the user may change. Therefore, in this context, adding trust management to an access control model is mandatory. To achieve this goal, in this paper, a new trust model to control access in the cloud is proposed. The aim is to monitor in real-time security for collaborative organizations, having decided to migrate to the cloud.



  • Keywords

    Cloud computing; trust model; access control; collaborative systems; security policy; trust management

  • References

      [1] R. Sandhu, P. Samarati, “Access control: principles and practice”, IEEE Communications Magazine, vol. 32(9), 1994, pp. 40-48.J. Clerk Maxwell, A Treatise on Electricity and Magnetism, 3rd ed., vol. 2. Oxford: Clarendon, 1892, pp.68-73.

      [2] Aluvalu RajaniKanth and Lakshmi Muddana. "A Survey on Access Control Models in Cloud Computing." Emerging ICT for Bridging the Future-Proceedings of the 49th Annual Convention of the Computer Society of India (CSI) Volume 1. Springer International Publishing, 2015.

      [3] M. J. Covington, P. Fogla, Z. Zhan, M. Ahamad, “A context-aware security architecture for emerging applications”, in Proc. 18th Annual Computer Security Applications Conference (ACSAC '02), Washington DC., 2002, pp. 249, IEEE Computer Society.

      [4] Pau-Chen Cheng, P. Rohatgi, C. Keser, P.A. Karger, G.M. Wagner, and A.S. Reninger. “Fuzzy multi-level security: An experiment on quantified risk-adaptive access control”. In Security and Privacy, 2007., pages 222 –230, may 2007.

      [5] S-. Chae, W. Kim, D-. Kim, “Role-based access control model for ubiquitous computing environment”, Information Security Applications, vol. 3786, February 2006, Springer Berlin / Heidelberg, pp. 354-363.

      [6] Khalid Zaman Bijon, Ram Krishnan, and Ravi Sandhu.” Towards an attribute based constraints specfication language”. In Privacy, Security, Risk and Trust (PASSAT), 2012 International Conference on and 2012 International Conference on Social Computing (SocialCom).

      [7] Langaliya, Chirag, and Rajanikanth Aluvalu. "Enhancing cloud security through access control models: A survey." International Journal of Computer Applications 112.7 (2015).

      [8] L Chen and J Crampton. “Risk-aware role-based access control”. In 7th International Workshop on Security and Trust Management, 2011.

      [9] Liang Chen, Luca Gasparini, and Timothy J Norman. “XACML and risk-aware access control”. Resource, 2(10):3–5, 2013.

      [10] Pau-Chen Cheng, P. Rohatgi, C. Keser, P.A. Karger, G.M. Wagner, and A.S. Reninger. “Fuzzy multi-level security: An experiment on quantified risk-adaptive access control”. In Security and Privacy, 2007., pages 222 –230, may 2007.

      [11] Qun Ni, Elisa Bertino, and Jorge Lobo. “Risk-based access control systems built on fuzzy inferences”. ASIACCS ’10, pages 250–260, New York, NY, USA, 2010. ACM.

      [12] S. Kandala, R. Sandhu, and V. Bhamidipati. “An attribute based framework for risk-adaptive access control models”. In Avail., Reliab. and Sec. (ARES), aug. 2011.

      [13] Ian Molloy, Luke Dickens, Charles Morisset, Pau-Chen Cheng, Jorge Lobo, and Alessandra Russo. “Risk-based security decisions under uncertainty”. CODASPY ’12, 2012.

      [14] Goyal, V., Pandey, O., Sahai, A. and Waters, B., 2006, October. “Attribute-based encryption for fine-grained access control of encrypted data”. InProceedings of the 13th ACM conference on Computer and communications security (pp. 89-98). Acm.

      [15] Bethencourt, J., Sahai, A., Waters, B.: “Ciphertext-policy attribute-based encryption”. In: Proceedings of the IEEE Symposium on Security and Privacy (2007).

      [16] Vanraj Kamliya and Rajnikanth Aluvalu. Article: A Survey on Hierarchical Attribute Set based Encryption (HASBE) Access Control Model for Cloud Computing. International Journal of Computer Applications 112(7):4-7, February 2015.

      [17] Bijon, Khalid Zaman, Ram Krishnan, and Ravi Sandhu. "A framework for risk-aware role based access control." Communications and Network Security (CNS), 2013 IEEE Conference on. IEEE, 2013.

      [18] Karthick, A. V., E. Ramaraj, and R. Ganapathy Subramanian. "An efficient multi queue job scheduling for cloud computing." Computing and Communication Technologies (WCCCT), 2014 World Congress on. IEEE, 2014.




Article ID: 20235
DOI: 10.14419/ijet.v7i4.6.20235

Copyright © 2012-2015 Science Publishing Corporation Inc. All rights reserved.